Malware Hitting Surfers via Hallmark E-Card

Security Experts at Trend Micro are asking computer users to be wary of an e-mail that contains an e-card apparently from Hallmark, the developer of greeting cards, as reported by WebUsers on June 9, 2008.

The security researchers disclosed that in this e-card scam, an Internet user receives an electronic mail having the subject title "You've received A Hallmark E-Card!" The message's text filled with spelling and grammatical mistakes urges the recipient to click on an attached file to view the greeting.

The message part of the malicious e-mail reads as: "Subject: Tag!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
If Life is a waste of time, & time is a waste of life, then let's all get wasted together and have the time of our lives!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"

However, the attachment, an executable file named, postcard.exe, is a Notepad file having a bunch of random characters in it. The purpose is to distract the viewer while malicious code is installed onto the system from behind the scene. Once the user executes the file, the Notepad program automatically opens showing the junk characters and then the remaining actions follow.

Trend Micro Researchers, who have identified the malicious code as TROJ_INJECTOR.DD version 5.320.07, say that the Trojan comes via an attached file in e-mail messages as spam from another malicious user. Alternatively, some other malware too could drop the file. Even an unwitting user could download it when browsing malware-tainted Websites. Furthermore, the code drops its own replicas. It creates several registry entries so that the code automatically runs every time the system starts up. The registry keys are created to facilitate the installation process.

Additionally, the experts also found a binary file attached to message, apparently from Hallmark. It shows a pretty animation of a puppy that knocks on the computer screen and asks the viewer to forward the file and maintain the chain's continuity. But if users try to scan the animation, it leads to the wreckage of their Internet Explorer.

Moreover, according to the Researchers at Trend Micro, the incident of e-card is not the first of its kind, as in 2007, the Storm worm too sent out similar malicious cards.

» SPAMfighter News - 21-06-2008